PHPackages                             newlandpe/oauth2-xauthconnect - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. newlandpe/oauth2-xauthconnect

Abandoned → [xauth/oauth2-xauthconnect](/?search=xauth%2Foauth2-xauthconnect)Library[Authentication &amp; Authorization](/categories/authentication)

newlandpe/oauth2-xauthconnect
=============================

XAuthConnect provider for The PHP League OAuth2-Client.

v0.3.0(4mo ago)05LicenseRef-CSSM-Unlimited-2.0PHPPHP ^7.4 || ^8.0CI passing

Since Oct 14Pushed 2mo agoCompare

[ Source](https://github.com/xauth-ecosystem/oauth2-xauthconnect)[ Packagist](https://packagist.org/packages/newlandpe/oauth2-xauthconnect)[ RSS](/packages/newlandpe-oauth2-xauthconnect/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (3)Dependencies (5)Versions (4)Used By (0)

XAuthConnect Provider for The PHP League OAuth 2.0 Client
=========================================================

[](#xauthconnect-provider-for-the-php-league-oauth-20-client)

[![Latest Stable Version](https://camo.githubusercontent.com/69a0e8111d2f1a499a90befad98e86a860193e1ed882b46533b38ece50156b74/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f78617574682f6f61757468322d7861757468636f6e6e6563742e7376673f6c6162656c3d5061636b6167697374266c6f676f3d7061636b6167697374)](https://packagist.org/packages/xauth/oauth2-xauthconnect)[![Total Downloads](https://camo.githubusercontent.com/43023996fa820d304133975c77bff6fd7408e7f177b086b6825bea7c420f2b08/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f78617574682f6f61757468322d7861757468636f6e6e6563742e7376673f6c6162656c3d446f776e6c6f616473266c6f676f3d7061636b6167697374)](https://packagist.org/packages/xauth/oauth2-xauthconnect)[![License](https://camo.githubusercontent.com/b09fb21200e4af9905e627cca90185c335cb497b579b93480fc067e10bb3b604/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f78617574682f6f61757468322d7861757468636f6e6e6563742e7376673f6c6162656c3d4c6963656e6365266c6f676f3d6f70656e2d736f757263652d696e6974696174697665)](https://packagist.org/packages/xauth/oauth2-xauthconnect)[![Tests](https://camo.githubusercontent.com/1eccfbdad77612683895b3d677ff95cf3f9dae5d00c07c568ad8bcbdd4fc2f20/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f78617574682d65636f73797374656d2f6f61757468322d7861757468636f6e6e6563742f706870756e69742e796d6c3f6c6162656c3d5465737473266c6f676f3d676974687562)](https://github.com/xauth-ecosystem/oauth2-xauthconnect/actions/workflows/phpunit.yml)[![Test Coverage](https://camo.githubusercontent.com/d0b9ab847567abe48700f8586ba5307fe3f26cc8c04215cea7cc77fac2508b38/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f78617574682d65636f73797374656d2f6f61757468322d7861757468636f6e6e6563743f6c6162656c3d54657374253230436f766572616765266c6f676f3d636f6465636f76)](https://app.codecov.io/gh/xauth-ecosystem/oauth2-xauthconnect)

This package provides an OAuth 2.0 client provider for integrating with an XAuthConnect authorization server. It is built to work with the popular [`league/oauth2-client`](https://github.com/thephpleague/oauth2-client) package.

This provider allows you to easily implement the "Login with XAuthConnect" functionality in any PHP application that uses `league/oauth2-client`.

Features
--------

[](#features)

- **OIDC Discovery:** Automatically configure endpoints from a single `issuer` URL.
- Implements the standard **Authorization Code Grant** flow.
- Supports **PKCE** (Proof Key for Code Exchange) for enhanced security.
- Provides helper methods for XAuthConnect-specific features:
    - **Token Introspection** (`introspectToken`)
    - **Token Revocation** (`revokeToken`)
- Fully compliant with the `league/oauth2-client` `AbstractProvider`.
- Exposes user data (`ID`, `Nickname`) through a `ResourceOwner` object.

Installation
------------

[](#installation)

Install the package via Composer:

```
composer require xauth/oauth2-xauthconnect
```

This package now requires `guzzlehttp/guzzle` v7.0 or greater.

### Installing from a local path (for development)

[](#installing-from-a-local-path-for-development)

If you're developing this library locally or need to use it as a path repository:

1. Place this library in a directory within your project (e.g., `oauth_libs/oauth2-xauthconnect`).
2. Add the following to your main `composer.json` file:

```
{
    "require": {
        "xauth/oauth2-xauthconnect": "@dev"
    },
    "repositories": [
        {
            "type": "path",
            "url": "./path/to/your/oauth2-xauthconnect"
        }
    ],
    "minimum-stability": "dev"
}
```

3. Run `composer update` to install the dependencies.

Usage
-----

[](#usage)

Follow these steps to integrate XAuthConnect into your application.

### 1. Initialization

[](#1-initialization)

You can initialize the provider in two ways.

#### Method 1: OIDC Discovery (Recommended)

[](#method-1-oidc-discovery-recommended)

Provide the `issuer` URL of your XAuthConnect server. The provider will automatically discover all the required endpoint URLs.

Important

The `issuer` URL must be publicly accessible and resolvable from the environment where your application is running for OIDC discovery to succeed. If the issuer is not accessible, you must use Method 2 for manual configuration.

```
require_once 'vendor/autoload.php';

$provider = new ChernegaSergiy\XAuthConnect\OAuth2\Client\Provider\XAuthConnect([
    'clientId'     => 'your-client-id',
    'clientSecret' => 'your-client-secret',
    'redirectUri'  => 'https://your-redirect-uri.com',
    'issuer'       => 'https://xauth-server.com' // Base URL of your XAuthConnect server
]);
```

#### Method 2: Manual Configuration

[](#method-2-manual-configuration)

If your OIDC `issuer` is not publicly accessible, or if you need to specify or override specific endpoint URLs manually, you can do so by providing them in the constructor options. This method is also useful for overriding a specific endpoint URL discovered via the `issuer`.

The following options are available for manual configuration:

- `baseAuthorizationUrl`
- `baseAccessTokenUrl`
- `resourceOwnerDetailsUrl`
- `introspectUrl`
- `revokeUrl`

For example, if the discovery document provides a wrong `token_endpoint`, you can override it:

```
$provider = new ChernegaSergiy\XAuthConnect\OAuth2\Client\Provider\XAuthConnect([
    'clientId'                => 'your-client-id',
    'clientSecret'            => 'your-client-secret',
    'redirectUri'             => 'https://your-redirect-uri.com',
    'issuer'                  => 'https://xauth-server.com', // Still recommended

    // Manually override the token endpoint
    'baseAccessTokenUrl'      => 'httpa://new-token-url.com/token',
]);
```

### 2. Authorization

[](#2-authorization)

Redirect the user to the XAuthConnect server to authorize your application.

```
// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {

    // Fetch the authorization URL from the provider; this returns the
    // urlAuthorize URL and generates and stores the state value in the session.
    $authorizationUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();

    header('Location: ' . $authorizationUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])) {

    if (isset($_SESSION['oauth2state'])) {
        unset($_SESSION['oauth2state']);
    }

    exit('Invalid state');
}
```

### 3. Getting an Access Token

[](#3-getting-an-access-token)

After the user authorizes, they will be redirected back to your `redirectUri` with a `code`. Use this code to get an access token.

```
try {
    // Try to get an access token using the authorization code grant.
    $accessToken = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code']
    ]);

    // We have an access token, let's use it!
    echo 'Access Token: ' . $accessToken->getToken() . "";
    echo 'Refresh Token: ' . $accessToken->getRefreshToken() . "";
    echo 'Expired in: ' . $accessToken->getExpires() . "";
    echo 'Already expired? ' . ($accessToken->hasExpired() ? 'Yes' : 'No') . "";

} catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
    // Failed to get the access token or user details.
    exit($e->getMessage());
}
```

### 4. Getting Resource Owner Details

[](#4-getting-resource-owner-details)

With the access token, you can now fetch the user's profile information.

```
try {
    // Returns a XAuthConnectUser instance.
    $user = $provider->getResourceOwner($accessToken);

    printf('Hello, %s!', $user->getNickname());
    echo 'Your UUID is: ' . $user->getId();

    // Get all user data as an array.
    var_dump($user->toArray());

} catch (Exception $e) {
    // Failed to get user details
    exit('Oh dear...');
}
```

Extra Features
--------------

[](#extra-features)

This provider includes methods for XAuthConnect-specific endpoints.

### Introspecting a Token

[](#introspecting-a-token)

You can check if a token is active and view its metadata.

```
$introspectionResult = $provider->introspectToken($accessToken->getToken());

if ($introspectionResult['active']) {
    echo "Token is active.\n";
    echo "Expires at: " . date('Y-m-d H:i:s', $introspectionResult['exp']);
} else {
    echo "Token is not active.";
}
```

### Revoking a Token

[](#revoking-a-token)

You can invalidate an access or refresh token on the server.

```
// Revoke the access token
$provider->revokeToken($accessToken->getToken());

// Revoke the refresh token
$provider->revokeToken($accessToken->getRefreshToken());

echo "Tokens have been revoked.";
```

Contributing
------------

[](#contributing)

Contributions are welcome and appreciated! Here's how you can contribute:

1. Fork the project on GitHub.
2. Create your feature branch (`git checkout -b feature/AmazingFeature`).
3. Commit your changes (`git commit -m 'Add some AmazingFeature'`).
4. Push to the branch (`git push origin feature/AmazingFeature`).
5. Open a Pull Request.

Please make sure to update tests as appropriate and adhere to the existing coding style.

License
-------

[](#license)

This library is licensed under the CSSM Unlimited License v2.0 (CSSM-ULv2). See the [LICENSE](LICENSE) file for details.

###  Health Score

32

—

LowBetter than 72% of packages

Maintenance81

Actively maintained with recent releases

Popularity4

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity32

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~38 days

Total

3

Last Release

133d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/e2471bdadcf4a5ea969fe763a72d03fb46525b59a7e4cedc3ed4d855029e7785?d=identicon)[ChernegaSergiy](/maintainers/ChernegaSergiy)

---

Top Contributors

[![ChernegaSergiy](https://avatars.githubusercontent.com/u/60980650?v=4)](https://github.com/ChernegaSergiy "ChernegaSergiy (51 commits)")

---

Tags

identity-providerleague-oauth2libraryoauth2-clientphpxauth-connectxauth-ecosystem

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/newlandpe-oauth2-xauthconnect/health.svg)

```
[![Health](https://phpackages.com/badges/newlandpe-oauth2-xauthconnect/health.svg)](https://phpackages.com/packages/newlandpe-oauth2-xauthconnect)
```

###  Alternatives

[google/auth

Google Auth Library for PHP

1.4k272.7M162](/packages/google-auth)[thenetworg/oauth2-azure

Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client

2509.6M48](/packages/thenetworg-oauth2-azure)[stevenmaguire/oauth2-keycloak

Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client

2275.9M27](/packages/stevenmaguire-oauth2-keycloak)[patrickbussmann/oauth2-apple

Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client

1132.5M6](/packages/patrickbussmann-oauth2-apple)[civicrm/civicrm-core

Open source constituent relationship management for non-profits, NGOs and advocacy organizations.

728272.9k20](/packages/civicrm-civicrm-core)[xeroapi/xero-php-oauth2

Xero official PHP SDK for oAuth2 generated with OpenAPI spec 3

1054.3M14](/packages/xeroapi-xero-php-oauth2)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)